1 Reply by 52eason

(3 replies, posted in wolfSSL)

Hi Amit,

just throw my thought, hope it helps.

Could you have test using below example codes?
It's trying to load ECC key pairs, then decode -> export private key.
the private key will be exported to derKey, and length is derKeySz.

========= Examples ==============
ecc_key priKey;
int derKeySz;
FILE* priFile;
byte tmp[TWOK_BUF];
word32  idx = 0;
int ret;

priFile= fopen(xxx.key, "rb");
    if (!priFile)
    {
        printf("\r\nLoad Private Key fail.");
        return;
    }

    derKeySz = fread(tmp, 1, TWOK_BUF, priFile);
    fclose(priFile);

    ret = EccPrivateKeyDecode(tmp, &idx, &priKey, (word32)derKeySz);
    if (ret != 0) {
        printf("\r\nEccPrivateKeyDecode fail.");
        return;
    }

    ret = ecc_export_private_only (&priKey, derKey, &derKeySz);

    if (ret != 0)
    {
        printf ("<%s> Fail!\n", __func__);
        return;
    }

Go to forum: wolfSSL

2 Reply by 52eason

(6 replies, posted in wolfSSL)

Thanks you help, we have aware this already, the only one problem we faced is to customize extension fields I mentioned in CSR.
Per mentioned, we are using an external ASN1 structure to wrap the content we want, then put in to othername field.
It generates success, I exported as PEM format FYI.

-----BEGIN CERTIFICATE REQUEST-----
MIIBDDCBsQIBAjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESeSvET2DW59/
atbDacUc5HVPHDjfxChG7fIo0Ec/BSQrGlVAEY1f6BJBTSwhzYU9+M3dpzd2oJdo
QHXaPYtHIKBPME0GCSqGSIb3DQEJDjFAMD4wCwYDVR0PBAQDAgMIMC8GA1UdEQQo
MCagJAYIKwYBBQUHCASgGDAWBgorBgEEAQ8CAQEABAj//////////zAMBggqhkjO
PQQDAgUAA0gAMEUCIQC5zturfO08fFGuj0EdauFFfvHLsekoJqju9aw6cX4CZAIg
IhsLmbsLCudIp8jReG+kIYY5fOygTFUiOT3ue9ZmjHI=
-----END CERTIFICATE REQUEST-----

Also, to demonstrate our idea is correct, we also use openssl to verify our modification. The original openssl didn't supported othername, so we have a light modify in openssl, to parser HEX data in othername field. Fortunately, it works.

Thanks all the valuable input from you, we are moving to next step now -- to have a signed certificates based on this CSR.

Go to forum: wolfSSL

3 Reply by 52eason

(6 replies, posted in wolfSSL)

Thanks Chris,

I added an CSR within SubjectAltName, however I cannot found an existing API to load CSR and then signing, then generate Certificate... I will post here if any progress, thanks your reply.

Eason

Go to forum: wolfSSL

4 Reply by 52eason

(6 replies, posted in wolfSSL)

Thanks Chris,

I saw it seems implement the parser when I activate CYASSL_SEP flag.
May I know if any direction you can provide for our reference?
I am trying to use setAltNameBuffer to put this ASN1 content into our certificate, is it possible?

I am working on an smart metering related project so far.

Go to forum: wolfSSL

5 Topic by 52eason

(6 replies, posted in wolfSSL)

There is a request to implement SubjectAltName using:

    GeneralName->Othername->id-on-hardwareModuleName

the id-on-hardwareModuleName defined in RFC4108.

I try to find if any existing code could used for this purpose, but seems not supported yet. May I know how we implement these extend fields?

Go to forum: wolfSSL